Cybercriminals exploited the absence of multi-factor authentication on a legacy server to infiltrate UnitedHealth subsidiary Change Healthcare, CEO Andrew Witty told a congressional committee. Up to a third of Americans had personal and health information stolen in the attack. Witty apologised and pledged to make UnitedHealth’s cyber defences “stronger than ever”. The insurance provider paid a $22m Bitcoin ransom and has since provided $6.5bn in accelerated payments to affected providers.
Ascension is the latest health company in Tennessee to undergo a cybersecurity attack
Tennessee-based health company Ascension has been the latest victim of a cybersecurity attack.